mirror of
https://git.proxmox.com/git/pve-access-control
synced 2025-10-05 06:06:13 +00:00
api: user: indentation & whitspace cleanups
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This commit is contained in:
Thomas Lamprecht
parent
4100ba8d65
commit
3e5b237feb
@ -218,7 +218,8 @@ __PACKAGE__->register_method ({
|
|||||||
method => 'POST',
|
method => 'POST',
|
||||||
permissions => {
|
permissions => {
|
||||||
description => "You need 'Realm.AllocateUser' on '/access/realm/<realm>' on the realm of user <userid>, and 'User.Modify' permissions to '/access/groups/<group>' for any group specified (or 'User.Modify' on '/access/groups' if you pass no groups.",
|
description => "You need 'Realm.AllocateUser' on '/access/realm/<realm>' on the realm of user <userid>, and 'User.Modify' permissions to '/access/groups/<group>' for any group specified (or 'User.Modify' on '/access/groups' if you pass no groups.",
|
||||||
check => [ 'and',
|
check => [
|
||||||
|
'and',
|
||||||
[ 'userid-param', 'Realm.AllocateUser'],
|
[ 'userid-param', 'Realm.AllocateUser'],
|
||||||
[ 'userid-group', ['User.Modify'], groups_param => 1],
|
[ 'userid-group', ['User.Modify'], groups_param => 1],
|
||||||
],
|
],
|
||||||
@ -329,8 +330,7 @@ __PACKAGE__->register_method ({
|
|||||||
code => sub {
|
code => sub {
|
||||||
my ($param) = @_;
|
my ($param) = @_;
|
||||||
|
|
||||||
my ($username, undef, $domain) =
|
my ($username, undef, $domain) = PVE::AccessControl::verify_username($param->{userid});
|
||||||
PVE::AccessControl::verify_username($param->{userid});
|
|
||||||
|
|
||||||
my $usercfg = cfs_read_file("user.cfg");
|
my $usercfg = cfs_read_file("user.cfg");
|
||||||
|
|
||||||
@ -371,18 +371,14 @@ __PACKAGE__->register_method ({
|
|||||||
code => sub {
|
code => sub {
|
||||||
my ($param) = @_;
|
my ($param) = @_;
|
||||||
|
|
||||||
my ($username, $ruid, $realm) =
|
my ($username, $ruid, $realm) = PVE::AccessControl::verify_username($param->{userid});
|
||||||
PVE::AccessControl::verify_username($param->{userid});
|
|
||||||
|
|
||||||
PVE::AccessControl::lock_user_config(
|
|
||||||
sub {
|
|
||||||
|
|
||||||
|
PVE::AccessControl::lock_user_config(sub {
|
||||||
my $usercfg = cfs_read_file("user.cfg");
|
my $usercfg = cfs_read_file("user.cfg");
|
||||||
|
|
||||||
PVE::AccessControl::check_user_exist($usercfg, $username);
|
PVE::AccessControl::check_user_exist($usercfg, $username);
|
||||||
|
|
||||||
$usercfg->{users}->{$username}->{enable} = $param->{enable} if defined($param->{enable});
|
$usercfg->{users}->{$username}->{enable} = $param->{enable} if defined($param->{enable});
|
||||||
|
|
||||||
$usercfg->{users}->{$username}->{expire} = $param->{expire} if defined($param->{expire});
|
$usercfg->{users}->{$username}->{expire} = $param->{expire} if defined($param->{expire});
|
||||||
|
|
||||||
PVE::AccessControl::delete_user_group($username, $usercfg)
|
PVE::AccessControl::delete_user_group($username, $usercfg)
|
||||||
@ -435,12 +431,9 @@ __PACKAGE__->register_method ({
|
|||||||
my $rpcenv = PVE::RPCEnvironment::get();
|
my $rpcenv = PVE::RPCEnvironment::get();
|
||||||
my $authuser = $rpcenv->get_user();
|
my $authuser = $rpcenv->get_user();
|
||||||
|
|
||||||
my ($userid, $ruid, $realm) =
|
my ($userid, $ruid, $realm) = PVE::AccessControl::verify_username($param->{userid});
|
||||||
PVE::AccessControl::verify_username($param->{userid});
|
|
||||||
|
|
||||||
PVE::AccessControl::lock_user_config(
|
|
||||||
sub {
|
|
||||||
|
|
||||||
|
PVE::AccessControl::lock_user_config(sub {
|
||||||
my $usercfg = cfs_read_file("user.cfg");
|
my $usercfg = cfs_read_file("user.cfg");
|
||||||
|
|
||||||
my $domain_cfg = cfs_read_file('domains.cfg');
|
my $domain_cfg = cfs_read_file('domains.cfg');
|
||||||
@ -504,14 +497,12 @@ __PACKAGE__->register_method ({
|
|||||||
|
|
||||||
my ($username, undef, $realm) = PVE::AccessControl::verify_username($param->{userid});
|
my ($username, undef, $realm) = PVE::AccessControl::verify_username($param->{userid});
|
||||||
|
|
||||||
|
|
||||||
my $domain_cfg = cfs_read_file('domains.cfg');
|
my $domain_cfg = cfs_read_file('domains.cfg');
|
||||||
my $realm_cfg = $domain_cfg->{ids}->{$realm};
|
my $realm_cfg = $domain_cfg->{ids}->{$realm};
|
||||||
die "auth domain '$realm' does not exist\n" if !$realm_cfg;
|
die "auth domain '$realm' does not exist\n" if !$realm_cfg;
|
||||||
|
|
||||||
my $realm_tfa = {};
|
my $realm_tfa = {};
|
||||||
$realm_tfa = PVE::Auth::Plugin::parse_tfa_config($realm_cfg->{tfa})
|
$realm_tfa = PVE::Auth::Plugin::parse_tfa_config($realm_cfg->{tfa}) if $realm_cfg->{tfa};
|
||||||
if $realm_cfg->{tfa};
|
|
||||||
|
|
||||||
my $tfa_cfg = cfs_read_file('priv/tfa.cfg');
|
my $tfa_cfg = cfs_read_file('priv/tfa.cfg');
|
||||||
my $tfa = $tfa_cfg->{users}->{$username};
|
my $tfa = $tfa_cfg->{users}->{$username};
|
||||||
@ -528,7 +519,8 @@ __PACKAGE__->register_method ({
|
|||||||
method => 'GET',
|
method => 'GET',
|
||||||
description => "Get user API tokens.",
|
description => "Get user API tokens.",
|
||||||
permissions => {
|
permissions => {
|
||||||
check => ['or',
|
check => [
|
||||||
|
'or',
|
||||||
['userid-param', 'self'],
|
['userid-param', 'self'],
|
||||||
['perm', '/access/users/{userid}', ['User.Modify']],
|
['perm', '/access/users/{userid}', ['User.Modify']],
|
||||||
],
|
],
|
||||||
@ -564,7 +556,8 @@ __PACKAGE__->register_method ({
|
|||||||
method => 'GET',
|
method => 'GET',
|
||||||
description => "Get specific API token information.",
|
description => "Get specific API token information.",
|
||||||
permissions => {
|
permissions => {
|
||||||
check => ['or',
|
check => [
|
||||||
|
'or',
|
||||||
['userid-param', 'self'],
|
['userid-param', 'self'],
|
||||||
['perm', '/access/users/{userid}', ['User.Modify']],
|
['perm', '/access/users/{userid}', ['User.Modify']],
|
||||||
],
|
],
|
||||||
@ -595,7 +588,8 @@ __PACKAGE__->register_method ({
|
|||||||
description => "Generate a new API token for a specific user. NOTE: returns API token value, which needs to be stored as it cannot be retrieved afterwards!",
|
description => "Generate a new API token for a specific user. NOTE: returns API token value, which needs to be stored as it cannot be retrieved afterwards!",
|
||||||
protected => 1,
|
protected => 1,
|
||||||
permissions => {
|
permissions => {
|
||||||
check => ['or',
|
check => [
|
||||||
|
'or',
|
||||||
['userid-param', 'self'],
|
['userid-param', 'self'],
|
||||||
['perm', '/access/users/{userid}', ['User.Modify']],
|
['perm', '/access/users/{userid}', ['User.Modify']],
|
||||||
],
|
],
|
||||||
@ -674,7 +668,8 @@ __PACKAGE__->register_method ({
|
|||||||
description => "Update API token for a specific user.",
|
description => "Update API token for a specific user.",
|
||||||
protected => 1,
|
protected => 1,
|
||||||
permissions => {
|
permissions => {
|
||||||
check => ['or',
|
check => [
|
||||||
|
'or',
|
||||||
['userid-param', 'self'],
|
['userid-param', 'self'],
|
||||||
['perm', '/access/users/{userid}', ['User.Modify']],
|
['perm', '/access/users/{userid}', ['User.Modify']],
|
||||||
],
|
],
|
||||||
@ -699,7 +694,7 @@ __PACKAGE__->register_method ({
|
|||||||
my $usercfg = cfs_read_file("user.cfg");
|
my $usercfg = cfs_read_file("user.cfg");
|
||||||
my $token = PVE::AccessControl::check_token_exist($usercfg, $userid, $tokenid);
|
my $token = PVE::AccessControl::check_token_exist($usercfg, $userid, $tokenid);
|
||||||
|
|
||||||
my $update_token = sub {
|
PVE::AccessControl::lock_user_config(sub {
|
||||||
$usercfg = cfs_read_file("user.cfg");
|
$usercfg = cfs_read_file("user.cfg");
|
||||||
$token = PVE::AccessControl::check_token_exist($usercfg, $userid, $tokenid);
|
$token = PVE::AccessControl::check_token_exist($usercfg, $userid, $tokenid);
|
||||||
|
|
||||||
@ -711,9 +706,7 @@ __PACKAGE__->register_method ({
|
|||||||
|
|
||||||
$usercfg->{users}->{$userid}->{tokens}->{$tokenid} = $token;
|
$usercfg->{users}->{$userid}->{tokens}->{$tokenid} = $token;
|
||||||
cfs_write_file("user.cfg", $usercfg);
|
cfs_write_file("user.cfg", $usercfg);
|
||||||
};
|
}, 'updating token info failed');
|
||||||
|
|
||||||
PVE::AccessControl::lock_user_config($update_token, 'updating token info failed');
|
|
||||||
|
|
||||||
return $token;
|
return $token;
|
||||||
}});
|
}});
|
||||||
@ -726,7 +719,8 @@ __PACKAGE__->register_method ({
|
|||||||
description => "Remove API token for a specific user.",
|
description => "Remove API token for a specific user.",
|
||||||
protected => 1,
|
protected => 1,
|
||||||
permissions => {
|
permissions => {
|
||||||
check => ['or',
|
check => [
|
||||||
|
'or',
|
||||||
['userid-param', 'self'],
|
['userid-param', 'self'],
|
||||||
['perm', '/access/users/{userid}', ['User.Modify']],
|
['perm', '/access/users/{userid}', ['User.Modify']],
|
||||||
],
|
],
|
||||||
@ -748,7 +742,7 @@ __PACKAGE__->register_method ({
|
|||||||
my $usercfg = cfs_read_file("user.cfg");
|
my $usercfg = cfs_read_file("user.cfg");
|
||||||
my $token = PVE::AccessControl::check_token_exist($usercfg, $userid, $tokenid);
|
my $token = PVE::AccessControl::check_token_exist($usercfg, $userid, $tokenid);
|
||||||
|
|
||||||
my $update_token = sub {
|
PVE::AccessControl::lock_user_config(sub {
|
||||||
$usercfg = cfs_read_file("user.cfg");
|
$usercfg = cfs_read_file("user.cfg");
|
||||||
|
|
||||||
PVE::AccessControl::check_token_exist($usercfg, $userid, $tokenid);
|
PVE::AccessControl::check_token_exist($usercfg, $userid, $tokenid);
|
||||||
@ -758,9 +752,7 @@ __PACKAGE__->register_method ({
|
|||||||
delete $usercfg->{users}->{$userid}->{tokens}->{$tokenid};
|
delete $usercfg->{users}->{$userid}->{tokens}->{$tokenid};
|
||||||
|
|
||||||
cfs_write_file("user.cfg", $usercfg);
|
cfs_write_file("user.cfg", $usercfg);
|
||||||
};
|
}, 'deleting token failed');
|
||||||
|
|
||||||
PVE::AccessControl::lock_user_config($update_token, 'deleting token failed');
|
|
||||||
|
|
||||||
return;
|
return;
|
||||||
}});
|
}});
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user